Table: splunk_app - Query Splunk Apps using SQL
Splunk Apps are applications that are designed to enhance and extend the functionality of the Splunk platform. These apps provide features like dashboards, reports, alerts, data inputs, and workflows, tailored for specific use-cases or data sources. They are a crucial part of the Splunk ecosystem, enabling users to customize and optimize their data analysis and visualization.
Table Usage Guide
The splunk_app table provides insights into the applications available in the Splunk environment. As a data analyst or a security professional, you can explore app-specific details through this table, including the app version, description, and visibility. Utilize it to uncover information about the apps, such as their configuration, status, and the data sources they are designed to handle.
Examples
Basic info
Explore the basic details of your Splunk applications such as their names, versions, and authors. This can help in tracking the app updates and understanding the source of each application.
select
  name,
  version,
  author
from
  splunk_app;
List apps that are not visible
Determine the apps that are hidden or not readily visible to users, useful for understanding which applications may not be fully accessible or utilized within your system.
-- PostgreSQL
select
  name,
  version,
  author,
  visible
from
  splunk_app
where
  not visible;

-- SQLite
select
  name,
  version,
  author,
  visible
from
  splunk_app
where
  visible = 0;
List disabled apps
Identify the apps that are disabled to understand their impact on the system's functionality. This can be useful in identifying potential issues or areas for improvement in the system's performance.
-- PostgreSQL
select
  name,
  version,
  author,
  disabled
from
  splunk_app
where
  disabled;

-- SQLite
select
  name,
  version,
  author,
  disabled
from
  splunk_app
where
  disabled = 1;
List apps with auto-update check enabled
Find the apps that have the auto-update check enabled. This can assist in maintaining up-to-date applications and ensuring the latest features and security measures are in place.
-- PostgreSQL
select
  name,
  version,
  author,
  check_for_updates
from
  splunk_app
where
  check_for_updates;

-- SQLite
select
  name,
  version,
  author,
  check_for_updates
from
  splunk_app
where
  check_for_updates = 1;
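Review enabled apps that need attention
The checks above can be combined into one triage query. This is an added example, not part of the plugin's own documentation; it uses only columns from the schema below, and the 180-day staleness threshold and the review_reasons column name are assumptions.

```sql
-- Added example (PostgreSQL syntax, the engine Steampipe embeds).
-- Lists enabled apps that merit review and states why each row was selected.
-- The 180-day threshold is an assumption; adjust it to your patch policy.
with enabled_apps as (
  select
    name,
    label,
    version,
    author,
    visible,
    check_for_updates,
    updated
  from
    splunk_app
  where
    disabled is not true  -- a null flag is treated as enabled, not silently dropped
)
select
  name,
  label,
  version,
  author,
  updated,
  -- concat_ws skips nulls, so only the reasons that apply are listed
  concat_ws(
    ', ',
    case when check_for_updates is not true then 'no update check' end,
    case when visible is not true then 'hidden from Splunk Web' end,
    case when updated < now() - interval '180 days' then 'not updated in 180 days' end
  ) as review_reasons
from
  enabled_apps
where
  check_for_updates is not true
  or visible is not true
  or updated < now() - interval '180 days'
order by
  updated nulls first;  -- apps with no recorded update time come first
```

Using "is not true" instead of "not" keeps rows whose boolean columns are null, which a plain "where not visible" filter would omit.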
Schema for splunk_app
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
acl | jsonb | | Access Control List for the app. |
author | text | | Author of this object in the system. |
check_for_updates | boolean | | If true, then check Splunkbase for app updates. |
configured | boolean | | If true, then Custom app setup is complete. |
core | boolean | | |
description | text | | App description. |
details | text | | URL to use for detailed information about the app. |
disabled | boolean | | If true, the app is disabled. |
id | text | | ID of the app. |
label | text | | App name. |
links | jsonb | | Links for the app resource. |
managed_by_deployment_client | boolean | | |
name | text | = | Name of the app. |
show_in_nav | boolean | | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
state_change_requires_restart | boolean | | |
updated | timestamp with time zone | | Time when the app was last updated. |
version | text | | App version. |
visible | boolean | | If true, app is visible and navigable from Splunk Web. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- splunk
You can pass the configuration to the command with the --config argument:
steampipe_export_splunk --config '<your_config>' splunk_app